This invention relates to alarms and remote alarm monitoring systems and more particularly to methods and apparatus for transmitting and verifying alarm signals over a TCP/IP network.
Commercial and residential alarm systems which are remotely monitored are well known. In simplest terms, these systems comprise some form of sensor which produces a signal when the sensor is tripped, a means for transmitting the signal and an alarm monitoring station.
The alarm sensors can take many different forms, including fire, smoke, heat, motion, noise, power failure, intrusion and light detectors. Typically, these sensors have only two states, on and off, one of which indicates an alarm situation. That is, with some alarm sensors a circuit is closed and a signal is sent when the relevant alarm situation arises. With other alarm sensors a circuit is opened and a signal stops being sent when the relevant alarm situation arises. Typically, the alarm sensors are connected to some device which interprets the absence or presence (as the case may be) of a signal from the alarm sensor as an alarm situation and produces an alarm signal. With remotely monitored alarm systems, the alarm signal is then transmitted to the alarm monitoring station. As well, the alarm signal may be indicated at the location of the alarm sensor by various means, including bells, horns and flashing lights.
The known means for transmitting the alarm signal include wireless (for example, cellular telephone), telephone lines, and Transmission Control Protocol/Internet Protocol (referred to as TCP/IP) networks.
A network is a collection of computing devices connected together so that some of the software programs resident on those computing devices can exchange information. Such networks may include conventional telephone lines, high-speed data lines, and wireless and cellular telephone connections. An essential element for the proper functioning of any network is a set of rules for the exchange of information between the software programs. Such rules are referred to as data communication protocols. TCP/IP is a widely used set of data communication protocols. Networks which use TCP/IP to communicate are referred to as TCP/IP networks. The Internet is a global TCP/IP network.
The computing device on which a particular software program resides is said to be hosting that software and is referred to as the host computer or host. For the purpose of conceptualizing the exchange of information over a network, it is useful to think of the software programs as distinct entities and to characterize them as either clients or servers. Servers are software programs, which reside on computing devices connected to networks and which listen for incoming communication and permit communication to be initiated by other software programs, but do not initiate communication. Clients are software programs, which reside on computing devices connected to networks and which initiate communication with other software programs. A host computer can host more than one program.
The TCP/IP protocols provide several important characteristics which facilitate world-wide communication on the Internet, including a common addressing scheme which allows any device running TCP/IP to uniquely address any other device on the Internet. The backbone of the Internet consists of a series of high-speed communication links between major supercomputer sites, and educational and research institutions throughout the world. Connected to this backbone are thousands of World-Wide Web servers and millions of host computers. The Internet is a very robust communication means because, usually, many alternate routes are available between any two sites connected to the Internet.
The basis of Internet data transmission is an underlying, connectionless packet delivery system. The basic unit of data transfer is the packet, a block of data with a strict upper limit on block size that carries with it sufficient identification necessary for delivery to its destination. Data is transmitted through the Internet by dividing it into packets and sending one packet at a time. Each packet contains the sender's IP address and the destination IP address.
The networking of computing devices raises security concerns about the software programs and data used by, and stored on, those computing devices connected to the network, particularly the Internet. So-called hackers are persons who attempt to use the Internet to gain access to data in the private computer systems of individuals, businesses and governments. A hacker who desires to break into a computer system will use an external computing device to attempt to initiate communication with that computer system through the Internet. The fact of communication initiation is very significant in network security, as the party which initiates communication can usually define the scope of the communication. For example, if an external computing device is able to successfully initiate communication with a computer system, this essentially creates a doorway through which the external computing device may make other connections within the computing system.
A common response to the concerns about network security caused by hackers is to install so-called firewalls. Firewalls are software programs which implement a set of rules to restrict the flow of packets between the network, which they protect, and the Internet. Among other things, firewalls typically prevent server programs protected by the firewall from accepting client connections from outside the firewall.
Each host computer connected to a TCP/IP network has an IP address, a unique digital address which can be used to send messages to that host. However, the number of hosts which routinely connect to the Internet now outnumbers the IP addresses available under the current IP address system. There are two methods currently in use to deal with this address shortage. The two methods are referred to as dynamic IP addresses and proxy servers.
Dynamic IP Address:
Fortunately, not all hosts are connected to the Internet at the same time and not all hosts need permanent IP addresses. For example, host computers hosting servers must have permanent IP addresses because the servers are listening for hosts wishing to connect to them and otherwise they could not be found on the Internet. On the other hand, computing devices hosting clients need not have permanent IP addresses, and often don't. A host without a permanent IP address can obtain a temporary, or dynamic, IP address each time it wishes to initiate communication over the Internet. Typically, the dynamic IP address is provided by the relevant Internet service provider. As with permanent IP addresses, the relevant host's dynamic IP address is added to every packet sent by that host to enable the recipients to reply.
Proxy Servers:
A single IP address on the Internet may be shared by a number of hosts on a Local Area Network (LAN) through a proxy server. Each host on the LAN is given an IP address which is locally valid, but which is not a unique, globally valid IP address. When a client program running on a host on the LAN wants to communicate with a server on the Internet, it actually makes the connection request to the proxy server, which puts its own IP address on the packet and passes the request along to the intended server. That server replies to the proxy server, which passes the reply along to the host on the LAN which originated the connection.
The reliability, flexibility and inexpensiveness of Internet communication have rapidly made it the preferred communication means for a variety of applications. These factors make the Internet a good channel for the transmission of alarm signals, particularly over large distances, such as are used in remotely monitored alarm systems.
Another feature which is desirable in remotely monitored alarm systems is the ability to verify that an alarm situation has actually occurred after an alarm signal has been received. False alarm signals are not uncommon. They can be caused in a variety of ways, including faulty alarm sensors and user error, such as failing to deactivate an alarm system within a certain time after entering a building. Means for verifying that an alarm situation actually exists at a building from which an alarm signal has been received are known. They include traditional means such as sending personnel to visit the premises from which the alarm signal originated. There are also means which could be controlled over a TCP/IP network, such as video observation, audio listening, audio challenge and response, and remote control of lights and other devices such as robotics.
Communication over the Internet for the purpose of verifying alarms raises issues of network security for the user of the alarm system. Sending an alarm signal over a TCP/IP network causes few concerns because the software program which initiates the communication, and therefore defines the scope of the exchange, is part of the alarm system. It is a client rather than a server. However, it is crucial for building security that the software program (or programs) controlling the verification means, for example video cameras installed within a building, be protected from access and tampering by hackers. Clearly, an alarm system would be unacceptable if it enabled hackers to obtain video images or audio signals from within the relevant building. Most firewalls would not be capable of distinguishing between a hacker attempting to hack in to an alarm verification software program and an authorized user attempting to initiate communication in order to verify an alarm. As well, it is often desirable with remote alarm monitoring systems to separate the alarm signal monitoring function from the alarm verification function. In some cases it may be desirable to have the alarm verification function hosted on a separate workstation on the same local area network as the alarm monitor function. In other cases it may be desirable to have the alarm verification function hosted at a physical location remote from the alarm monitor function. For example, when an alarm indicates that there are intruders in a building and the verification means is video images, it would be useful for security personnel to have a wireless portable device which is able to receive video images from the building over the Internet.
Remote alarm monitoring systems comprising connections to the Internet and means for obtaining and sending video images are known. However, those that send both the alarm message and verification over the Internet do so by combining them into one data stream on a single connection. This requires that the alarm monitoring station and the alarm verification station be combined on the same host. They do not permit the alarm verification function to be separated from the alarm monitoring function. Other systems are known in which the alarm system and a video server are separately connected to the Internet. These systems typically do not work well with firewalls or proxy servers, which are not intended to allow outside clients to connect to an inside server.
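The firewall behaviour described above, as an added example that is not part of the original disclosure: a minimal connection-tracking filter that lets an inside alarm client initiate a connection and receive the reply, but drops a connection initiated from outside toward an inside verification server. The class name, addresses and port numbers are constructed for illustration.

```python
from dataclasses import dataclass

INSIDE_NET = "10.0.0."  # constructed: prefix of hosts protected by the firewall

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    initiates: bool = False  # True only on the packet that opens a connection

class OutboundOnlyFirewall:
    """Permit connections initiated from inside; drop those initiated outside."""

    def __init__(self):
        # Known flows, keyed (inside_ip, inside_port, outside_ip, outside_port)
        self.flows = set()

    def _inside(self, ip):
        return ip.startswith(INSIDE_NET)

    def allow(self, p):
        if self._inside(p.src) and not self._inside(p.dst):
            # Outbound: an inside client may open a flow; record it for replies
            if p.initiates:
                self.flows.add((p.src, p.sport, p.dst, p.dport))
            return (p.src, p.sport, p.dst, p.dport) in self.flows
        if self._inside(p.dst) and not self._inside(p.src):
            # Inbound: never a new connection, only replies on a recorded flow
            if p.initiates:
                return False
            return (p.dst, p.dport, p.src, p.sport) in self.flows
        return True  # traffic that does not cross the firewall boundary

def demo():
    fw = OutboundOnlyFirewall()
    # Constructed hosts: alarm panel inside, monitor and station outside
    panel, monitor, station = "10.0.0.5", "203.0.113.10", "198.51.100.7"
    return {
        "alarm_signal_out": fw.allow(Packet(panel, 40000, monitor, 5000, True)),
        "monitor_reply_in": fw.allow(Packet(monitor, 5000, panel, 40000)),
        "station_to_inside_server": fw.allow(Packet(station, 41000, panel, 8080, True)),
        "unsolicited_inbound": fw.allow(Packet(station, 5000, panel, 40000)),
    }

if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name}: {'ALLOW' if allowed else 'DROP'}")
```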
What is needed is a remote alarm monitoring system capable of communicating over a TCP/IP network, capable of communicating through a firewall without jeopardizing the security of the computer system protected by the firewall, and capable of separating the alarm monitoring and alarm verification functions.
The invention seeks to provide an improved alarm signal and alarm verification system overcoming many of these problems. The invention enables the sending of alarm signals and alarm verification over the TCP/IP Network. The alarm signal includes the information which the alarm monitor and alarm verification station will require to make a connection to the alarm panel for alarm verification over the TCP/IP network. The alarm panel integrates means of sending and receiving alarm signals and alarm verification over the TCP/IP network. The alarm verification station can obtain information from the verification server over the TCP/IP network through firewalls.
In accordance with one aspect of the invention, there is provided a system and method of an alarm system for sending an alarm signal from an alarm panel host to a central monitoring host, receiving an alarm signal, gathering information and composing a verification request, sending a verification request, receiving a verification request at the source, gathering and composing a verification data response, sending a verification data response, receiving a verification data response, and responding to the verification data response, to determine the validity of an alarm situation over a TCP/IP network.
In accordance with another aspect of the invention, there is provided a system and method of an alarm system for sending an alarm signal from an alarm panel host to a central monitoring host, receiving an alarm signal, gathering information and composing a verification request, sending a verification request to a verification host, connecting to a verification server, receiving a verification request at the source of the alarm, gathering and composing a verification data response, sending a verification data response, receiving a verification data response, and responding to the verification data response, to determine the validity of an alarm situation over a TCP/IP network.
In accordance with another aspect of the invention, there is provided a system and method of an alarm system for sending an alarm signal from an alarm panel host to a central monitoring host, receiving an alarm signal, gathering information and composing a verification request, sending a verification request to a verification host, connecting to an intermediate server host, connecting to a verification server, receiving a verification request at the source of the alarm, gathering and composing a verification data response, sending a verification data response to an intermediate server host, sending a verification data response to a verification host, receiving a verification data response, and responding to the verification data response, to determine the validity of an alarm situation over a TCP/IP network.
In accordance with another aspect of the invention, it should be noted that any combination of the hosts may be used. That is to say, each component, the alarm client, the verification server, the alarm monitor server, the alarm database, the verification station, and the intermediate server, could all be hosted on different hosts.
The various features of novelty which characterize the invention are pointed out with more particularity in the claims annexed to and forming a part of this disclosure. For a better understanding of the invention, its operating advantages and specific objects attained by its use, reference should be made to the accompanying drawings and descriptive matter in which there are illustrated and described preferred embodiments of the invention.